File Date Author Commit
 .hgignore 2022-01-18 ggb ggb [c871df] Initial load
 README.md 2022-01-20 ggb ggb [f7d96b] Updated readme with debstatus
 debhistory 2022-01-20 ggb ggb [b48a87] Added debstatus
 debstatus 2022-01-20 ggb ggb [b48a87] Added debstatus
 edit 2022-01-18 ggb ggb [c871df] Initial load
 edit-md 2022-01-19 ggb ggb [f45154] Changes to startup.allow and added README
 isallowed 2022-01-19 ggb ggb [f45154] Changes to startup.allow and added README
 readhash 2022-01-18 ggb ggb [c871df] Initial load
 saveb64z 2022-01-19 ggb ggb [9d7eb4] Added debhistory
 showb64z 2022-01-18 ggb ggb [c871df] Initial load
 showfile 2022-01-18 ggb ggb [c871df] Initial load
 showuser 2022-01-19 ggb ggb [f45154] Changes to startup.allow and added README

Read Me

Various utilities to run with ssh-user

Although the following are standalone scripts, they were created as part of the ssh-user project and are intended primarily to be used within the context of that project.

Environment

All these scripts must be run using the bash shell interpreter under Linux.


debstatus

Display Debian package status

Parse Debian package status file and extract summary information

Execution

There are two types of arguments for the command:

debstatus list-of-packages

Will display details for each package specified in list-of-packages.

debstatus option

Will display summary information regarding all packages. Generally, this will simply display a list of packages that meet a specified criterion.

option can be any of the following (none of the options are case sensitive):

  • -ALL (alias -AL)

    Will list the names of all packages.

  • -INSTALLED (alias -I, -IN, or -INSTALL)

    Will list the names of all packages that have been installed on the system.

  • -NOTINSTALLED (alias -NOI, -NOINSTALL, or -NOTINSTALL)

    Will list the names of all the packages that have been downloaded but not installed on the system.

  • -ARCHITECTURE (alias -ARCH, or -AR)

    Will list all the architectures for which packages exist on the system. This does not list which packages are for which architecture; it only reports that there are some packages for each of the architectures listed.

  • PRIORITY=list-of-package-priorities (alias -P)

    list-of-package-priorities is a comma separated list of package priorities against which to select packages to be displayed. Package names will be listed for any package that matches any of the selected priorities.

    Allowed priorities are:

    • optional (alias o and opt)
    • required (alias r, req, mandatory, and m)
    • standard (alias s and stand)
    • extra (alias x)

Example

ssh test1@localhost "debstatus -ar"

Output

all,amd64

Example

debstatus -noi

Output

anacron
exim4-base
exim4-config
exim4-daemon-light
fuse
gnustep-base-runtime
gnustep-common
kdeconnect
libgnustep-gui0.28
libkf5contacts-data
libkf5people5
messengerfordesktop
plocate
powertop
wireless-tools
xpra
zfs-fuse

Example

debstatus anacron zfs-fuse

Output

# --------------------
# Package: anacron
Package: anacron
Status: deinstall ok config-files
Priority: optional
Section: admin
Installed-Size: 104
Maintainer: Debian QA Group <packages@qa.debian.org>
Architecture: amd64
Version: 2.3-30
Config-Version: 2.3-30
Depends: debianutils (>= 1.7), lsb-base (>= 3.0-10), libc6 (>= 2.7)
Recommends: cron | cron-daemon
Suggests: default-mta | mail-transport-agent, rsyslog | system-log-daemon, powermgmt-base
Conffiles:
 /etc/anacrontab 00ff43422e8756204113c5546b00d529
 /etc/cron.d/anacron 389b4ee27d3023ec855897c16612f319
 /etc/cron.daily/0anacron a46c5cc26a2a6715d0155781ddd07a19
 /etc/cron.monthly/0anacron 402ac7af3ebd2da5dddcd3712d776ae3
 /etc/cron.weekly/0anacron b2c55b2905f28b3b53bdf3e2d66e830b
 /etc/default/anacron 964d39a52b30de6627ba346001730f03
 /etc/init.d/anacron cb16d990aa80ca20aee7ea2ab91ff714
Description: cron-like program that doesn't go by time
 Anacron (like "anac(h)ronistic") is a periodic command scheduler.  It
 executes commands at intervals specified in days.  Unlike cron, it
 does not assume that the system is running continuously.  It can
 therefore be used to control the execution of daily, weekly, and
 monthly jobs (or anything with a period of n days), on systems that
 don't run 24 hours a day.  When installed and configured properly,
 Anacron will make sure that the commands are run at the specified
 intervals as closely as machine uptime permits.
 .
 This package is pre-configured to execute the daily jobs of the
 Debian system.  You should install this program if your system isn't
 powered on 24 hours a day to make sure the maintenance jobs of other
 Debian packages are executed each day.
Homepage: http://sourceforge.net/projects/anacron/

# --------------------
# --------------------
# Package: zfs-fuse
Package: zfs-fuse
Status: deinstall ok config-files
Priority: optional
Section: otherosfs
Installed-Size: 3507
Maintainer: Debian QA Group <packages@qa.debian.org>
Architecture: amd64
Version: 0.7.0-21
Config-Version: 0.7.0-21
Depends: fuse (>= 2.8.7-2), lsb-base, libaio1 (>= 0.3.93), libc6 (>= 2.29), libfuse2 (>= 2.8.7-2), libssl1.1 (>= 1.1.0), zlib1g (>= 1:1.1.4)
Suggests: kpartx, nfs-kernel-server
Conffiles:
 /etc/default/zfs-fuse 13fdadc48750d09f2412577aad965e19
 /etc/init.d/zfs-fuse dbb858277c0747e3efeb6830884e4675
 /etc/zfs/zfs_pool_alert a90eac266a1759cb9527d8fa5f408f07
 /etc/zfs/zfsrc 3f858fbb9e53cdc175bbe6eb320d9133
Description: ZFS on FUSE
 ZFS is an advanced filesystem from Sun Microsystems, originally developed
 for solaris. It provides a number of advanced features, such as live
 integrity checks, atomic updates, atomic snapshots and clones, compression,
 and much more.
 .
 This package provides an implementation of Sun's ZFS filesystem in userspace,
 using FUSE.
Homepage: http://zfs-fuse.net

# --------------------

debhistory

Display Debian package history

Parse history logs for Debian packages and report actions listed in the logs.

Execution

Command format is: debhistory list-of-actions

Where list-of-actions are the actions that are to be searched for within the logs.

The actions allowed are:

  • configure
  • install
  • startup
  • status
  • trigproc
  • upgrade
  • remove

All actions may be shortened to the shortest unambiguous form. In most cases this means only the first character of the action is necessary, except for startup and status, which need a minimum of 4 characters in order to be unambiguous.

Example

debhistory i r

Output

2021-02-15 08:55:15 install dnsmasq:all <none> 2.80-1+rpt1+deb10u1
2021-02-15 08:55:15 install dnsmasq-base:armhf <none> 2.80-1+rpt1+deb10u1
2021-02-15 08:55:15 install dns-root-data:all <none> 2019031302
2021-02-15 11:12:59 install esmtp:armhf <none> 1.2-17
2021-02-15 11:12:59 install libesmtp6:armhf <none> 1.0.6-4.3
2021-02-15 12:11:03 install lynx:armhf <none> 2.8.9rel.1-3
2021-02-15 12:11:03 install lynx-common:all <none> 2.8.9rel.1-3

~~~ Lots more lines ~~~

2021-12-26 08:24:16 remove testdisk:armhf 7.0-3+b3 <none>
2021-12-26 08:24:32 remove diskscan:armhf 0.20-1 <none>
2021-12-26 09:16:56 install libatasmart4:armhf <none> 0.19-5
2021-12-26 09:16:56 install libatasmart-dev:armhf <none> 0.19-5
2021-12-26 09:16:57 install libncurses5-dev:armhf <none> 6.1+20181013-2+deb10u2
2021-12-26 09:16:57 install libncurses-dev:armhf <none> 6.1+20181013-2+deb10u2
2021-12-26 09:16:57 install libncursesw5-dev:armhf <none> 6.1+20181013-2+deb10u2

isallowed

Display whether command is allowed to be run in ssh constrained environment

This utility looks at the startup control file (startup.allow) used by ssh-user and determines if the specified commands are allowed to be run in that environment.

Execution

Command format is: isallowed list-of-commands

Example

ssh test1@localhost "isallowed showfile invalid"

Output

Allowed: showfile
Not allowed: invalid

Note that if isallowed is itself not allowed to be run, then no output will be generated by the ssh command, but the log files on the target system will show an attempt to execute a disallowed command.


readhash

List file details to stdout

This utility walks down a directory tree listing a summary of all the files encountered in the directory tree.

It only lists files it is capable of reading, and will silently skip over files and directories which it has no permission to read. The exception is a file or directory named on the command line: if that is inaccessible, an error will be raised.

Although the output of this script is human readable, it is primarily intended as a tool for other utilities, such as file backups or utilities to check the integrity of files (e.g. utilities that might want to know when a file has been changed).

Execution

Command format is: readhash list-of-targets

list-of-targets is a list of filenames or directory names for which details are to be displayed.

Example

readhash .

Output

-rwx--x--x 6947091:1 0 ggb:ggb 2022-01-10T20:00:49.964854019 +0000 2022-01-10T20:00:49.964854019+0000 inode/x-empty;charset=binary e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /home/ggb/Dev/readhash/.hg/wcache/checkisexec
-rw-r--r-- 6947168:1 0 ggb:ggb 2022-01-10T20:03:29.081724072 +0000 2022-01-10T20:03:29.081724072+0000 inode/x-empty;charset=binary e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /home/ggb/Dev/readhash/.hg/wcache/checknoexec
-rw-r--r-- 6947179:1 57 ggb:ggb 2022-01-10T18:14:41.418058259 +0000 2022-01-10T18:14:41.418058259+0000 application/octet-stream;charset=binary a33451bc1a46c3645d0a71511838a51983709a923e639faeae4d93442baf2f48  /home/ggb/Dev/readhash/.hg/00changelog.i
-rw-r--r-- 6947180:1 59 ggb:ggb 2022-01-10T18:14:41.422058179 +0000 2022-01-10T18:14:41.422058179+0000 text/plain;charset=us-ascii b54aa6b8677f0a3c14a904020ee48c6239504da71e8f5c2fb4e69f32acca2c27  /home/ggb/Dev/readhash/.hg/requires
-rwxr-xr-x 6947197:3 710 ggb:ggb 2022-01-10T18:59:46.064554464 +0000 2022-01-10T19:32:43.022043724+0000 text/x-shellscript;charset=us-ascii 205e55ca8ed436e5b1d1c01c2a15a01dec119e9181e13480c1139e7d5b9ce244  /home/ggb/Dev/readhash/edit-md
-rw-rw-r-- 87165052:6 37 ggb:ggb 2021-08-20T19:35:33.257448886 +0100 2022-01-10T18:14:36.174162240+0000 text/plain;charset=us-ascii e3013ac41dc86e5b9f06c178e8f6379a725d43575adcf1b97595da23a2c5757c  /home/ggb/Dev/readhash/.hgignore
-rw-r--r-- 6947183:1 684 ggb:ggb 2022-01-10T18:43:10.760194830 +0000 2022-01-10T19:52:15.370976784+0000 text/plain;charset=us-ascii ae9cbe3f2c8c9a8ab108fdac0133201e2c51a2765dcafcc8d5a42bff24ec34fe  /home/ggb/Dev/readhash/README.md
-rwxr-xr-x 6947072:2 2303 ggb:ggb 2022-01-10T05:05:54.025232388 +0000 2022-01-10T20:24:33.420860957+0000 text/x-shellscript;charset=us-ascii 01a8ed023ce0637c45b22ddc16a6e63ec61aad853be8cb99bace44d27cd3f7cd  /home/ggb/Dev/readhash/readhash
-rwxrwxr-x 87164898:7 727 ggb:ggb 2021-09-15T13:15:46.735150549 +0100 2022-01-10T18:14:26.386356330+0000 text/x-shellscript;charset=us-ascii 367ad0840a69b0b47e6da820653a9c97318e4fe019c1a848fa51e21cc359be0c  /home/ggb/Dev/readhash/edit

Output format

Each row of the output represents a single file. Output is only generated for plain files, not directories, devices, or other special files.

Each row is a series of space separated fields. The fields are:

  • File-permissions
  • File inode number and number of hard links (separated by ':')
  • File size (number of bytes in file)
  • File owner and group (separated by ':')
  • File create time
  • File modification time
  • File mime type
  • File hash (sha256 as hexadecimal string)
  • Fully pathed file name
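
An added example (not part of the ssh-user scripts): one way to use two saved readhash listings for the integrity checking mentioned above, reporting content changes separately from permission or ownership changes. It assumes the row layout shown in the sample output, with the hash as the last field before the two spaces that precede the full path; readhash_diff, h, row and demo_diff are hypothetical names and the sample rows are constructed.

```bash
# Added example: compare an older and a newer readhash listing.
readhash_diff() {   # $1 = older listing file, $2 = newer listing file
    LC_ALL=C awk '
    function parse(line,    pos, n, f) {
        pos = index(line, "  /")       # two spaces precede the full path
        if (pos == 0) return 0
        path = substr(line, pos + 2)   # path may itself contain spaces
        n = split(substr(line, 1, pos - 1), f, " ")
        hash = f[n]                    # sha256 is the last field before the path
        meta = f[1] " " f[4]           # permissions and owner:group
        return (length(hash) == 64 && hash ~ /^[0-9a-f]+$/)
    }
    $0 == ""       { next }
    !parse($0)     { bad++; next }     # count rows that do not fit the layout
    pass == "old"  { oh[path] = hash; om[path] = meta; next }
    {
        seen[path] = 1
        if (!(path in oh))          print "ADDED " path
        else if (oh[path] != hash)  print "CONTENT " path
        else if (om[path] != meta)  print "META " path
    }
    END {
        for (p in oh) if (!(p in seen)) print "REMOVED " p
        if (bad) print "UNPARSED " bad
    }' pass=old "$1" pass=new "$2" | LC_ALL=C sort
}

# Constructed sample data: h prints a 64-digit stand-in hash, row prints one listing row.
h() { printf '%064d' 0 | tr 0 "$1"; }
row() {   # $1 = permissions, $2 = hex digit used for the hash, $3 = path
    printf '%s 1:1 9 app:app 2022-01-10T18:00:00.000000000 +0000 2022-01-10T18:00:00.000000000+0000 text/plain;charset=us-ascii %s  %s\n' "$1" "$(h "$2")" "$3"
}
demo_diff() {
    old=$(mktemp); new=$(mktemp)
    { row -rw-r--r-- a /srv/demo/config.txt
      row -rwxr-xr-x b /srv/demo/run.sh
      row -rw-r--r-- c "/srv/demo/old notes.txt"; } > "$old"
    { row -rw-r--r-- d /srv/demo/config.txt
      row -rwsr-xr-x b /srv/demo/run.sh
      row -rw-r--r-- e /srv/demo/new.bin; } > "$new"
    readhash_diff "$old" "$new"
    rm -f "$old" "$new"
}
demo_diff
```

A META row with an unchanged hash, such as the setuid bit appearing on run.sh in the constructed data, is a change that a hash-only comparison would miss.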

showb64z

Convert one or more files to 7-bit safe and send to STDOUT

If the input file is in text form it will be compressed using gzip before being converted to base-64 using the base64 command. If the input file is a binary file then it will simply be converted to base-64 without any compression (on the assumption that most binary files will not compress well, so compressing them would consume CPU resources while gaining little in reduced transmission time).

Execution

Command format is: showb64z list-of-files

Example

showb64z test1 test2

Output

# %{ 1 }% Sending as gzip: '/home/ggb/Dev/showb64z/test/test1'
H4sIAAAAAAAEAwvJyCxWAKJEhZLU4hKFtMycVD1dMGUFFjHkAgB7Ju8UIgAAAA==
# %{ 2 }% Sending as gzip: '/home/ggb/Dev/showb64z/test/test2'
H4sIAAAAAAAEAwvJyCxWAKLEvPySjNQihZLU4hKFtMycVAVdMGUFFjHS4+ICALbJHpAqAAAA
# %{ 3 }% Finished.

The output has a separate segment for each file encoded.

Each segment is preceded by a segment header. The segment header starts with a segment number, followed by a message indicating whether the file is encoded raw or gzipped before encoding, and finally the fully pathed original file name.


saveb64z

This takes a file or stream produced by showb64z and recreates the original file.

Execution

Command format is: saveb64z options

Options

  • None of the options are case sensitive (e.g. INPUT may be input or Input).

  • Any of the options may be abbreviated to a single letter (e.g. OUTPUT may be O).

  • Any of the options may be prefixed with a hyphen (e.g. SEQUENCE may also be written as -SEQUENCE).

The following options may be provided:

  • HELP

    Display summary help message.

    If this option is used then all other options will be ignored.

    ? is an alias for HELP.

  • INPUT=input-file-name

    Where input-file-name is the name of a file that was created by showb64z.

    If this option is omitted then input will be read from STDIN.

  • OUTPUT=output-file-name

    Where output-file-name is the name of the file that will be written with the decoded file contents.

    If this option is omitted then the output will be written to STDOUT.

  • SEQUENCE=file-segment-number

    Where file-segment-number is the segment number (as specified in the segment header) of the file to be extracted.

    If this option is omitted then segment number 1 will be extracted.

    SEQ is an alias for SEQUENCE.

Example

showb64z test1 test2 | saveb64z s=2

Output

This is another test file - file: test2.
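
An added example (not the project's saveb64z): a reader for the showb64z segment layout described above that pulls out one numbered segment, as the SEQUENCE option does. The only header wordings taken from the page are "Sending as gzip:" and "Finished."; treating every other header as un-gzipped base64 is an assumption, and b64z_extract, sample_stream, demo_extract and the stream contents are constructed for illustration.

```bash
# Added example: decode one segment of a showb64z stream read from stdin.
b64z_extract() {   # $1 = segment number; decoded bytes go to stdout
    seg=$1
    body=$(mktemp) || return 1
    # Split on the "# %{ N }% ..." headers and keep only the wanted payload.
    # The path quoted in the header comes from the sender and is never used
    # as an output file name here.
    mode=$(awk -v want="$seg" -v body="$body" '
        $1 == "#" && $2 == "%{" && $4 == "}%" {
            on = ($3 == want && $5 != "Finished.")
            if (on) mode = ($5 == "Sending" && $7 == "gzip:") ? "gzip" : "raw"
            next
        }
        on { print > body }
        END { print mode }')
    case $mode in
        gzip) base64 -d < "$body" | gzip -dc; rc=$? ;;
        raw)  base64 -d < "$body"; rc=$? ;;   # assumed: not gzipped
        *)    echo "segment $seg not found" >&2; rc=1 ;;
    esac
    rm -f "$body"
    return "$rc"
}

# Constructed stream in the layout shown in the showb64z example output.
sample_stream() {
    printf "# %%{ 1 }%% Sending as gzip: '/tmp/demo/one.txt'\n"
    printf 'first constructed file\n' | gzip -c | base64
    printf "# %%{ 2 }%% Sending as gzip: '/tmp/demo/two.txt'\n"
    printf 'second constructed file\n' | gzip -c | base64
    printf '# %%{ 3 }%% Finished.\n'
}

demo_extract() { sample_stream | b64z_extract 2; }
demo_extract
```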

showfile

Copy file(s) to stdout

This utility takes one or more files and copies them to stdout.

Functionally, this can be achieved just as well with the Linux cat command, and all this script does is put a wrapper around the Linux cat command. The reason for this wrapper is to allow it to be used as the target of an ssh connection in a controlled manner.

Execution

The command format is: showfile list-of-filenames

Each file will be sent to stdout without any adornment. If more than one file is in the list, the files will be concatenated just as they would be when using the cat command.


showuser

Utility to collect and display data pertaining to user logons.

This may be run under superuser authority or normal user authority.
If run under superuser authority then some additional information will be
displayed, but most information will be the same in both cases.

The options are:

showuser -HELP

  • Will display a help message.

showuser -ALL

  • Will display information about all users.

showuser -ME

  • Will display details for the currently logged on user.

  • If this is run with root authority (e.g. by using sudo) then it will show details for the root user.

showuser -LOGONS

  • Will display information about all users allowed to log on to the system (i.e. will exclude users with no logon privileges).

This option is only allowed when running with superuser authority.

showuser list-of-user-names

  • Will display information about each of the users included in
    the list.

All keywords may be abbreviated to a single character (i.e. -ALL may be shortened to -A).

The output is formatted as YAML.

Example

Command

sudo showuser saned

Output:

# User details for saned
-   name: saned
    id: 114
    comment: 
    logon-status: No logon
    primary-group: saned
    groups:
    -   saned
    -   scanner
    running-processes: 0
    terminal-sessions: 0
    ssh-authorized-keys: 
    home: /var/lib/saned
    shell: /usr/sbin/nologin